GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-06 13:48:17 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: f6rdfiiw.exe; Driver: C:\Users\PIOTRU~1\AppData\Local\Temp\kfxoyfow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077641401 2 bytes JMP 7610b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077641419 2 bytes JMP 7610b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077641431 2 bytes JMP 76188fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007764144a 2 bytes CALL 760e489d C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776414dd 2 bytes JMP 761888c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776414f5 2 bytes JMP 76188aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007764150d 2 bytes JMP 761887ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077641525 2 bytes JMP 76188b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007764153d 2 bytes JMP 760ffca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077641555 2 bytes JMP 761068ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007764156d 2 bytes JMP 76189089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077641585 2 bytes JMP 76188bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007764159d 2 bytes JMP 7618877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776415b5 2 bytes JMP 760ffd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776415cd 2 bytes JMP 7610b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776416b2 2 bytes JMP 76188f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776416bd 2 bytes JMP 76188713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077641401 2 bytes JMP 7610b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077641419 2 bytes JMP 7610b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077641431 2 bytes JMP 76188fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007764144a 2 bytes CALL 760e489d C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776414dd 2 bytes JMP 761888c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776414f5 2 bytes JMP 76188aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007764150d 2 bytes JMP 761887ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077641525 2 bytes JMP 76188b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007764153d 2 bytes JMP 760ffca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077641555 2 bytes JMP 761068ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007764156d 2 bytes JMP 76189089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077641585 2 bytes JMP 76188bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007764159d 2 bytes JMP 7618877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776415b5 2 bytes JMP 760ffd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776415cd 2 bytes JMP 7610b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776416b2 2 bytes JMP 76188f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776416bd 2 bytes JMP 76188713 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes 
JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3224] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] 
C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] 
.text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes {JMP QWORD [RIP-0x4bd61]} .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes {JMP QWORD [RIP-0x4bd77]} .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes {JMP QWORD [RIP-0x4c6f2]} .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes {JMP QWORD [RIP-0x4c1ae]} .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes {JMP QWORD [RIP-0x4c538]} .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes {JMP QWORD [RIP-0x4bd56]} .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes {JMP QWORD [RIP-0x4c44e]} .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes {JMP QWORD [RIP-0x4cf71]} .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Windows\SysWOW64\cmd.exe[2500] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes {JMP QWORD [RIP-0x4bd61]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes {JMP QWORD [RIP-0x4bd77]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes {JMP QWORD [RIP-0x4c6f2]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes {JMP QWORD [RIP-0x4c1ae]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes {JMP QWORD [RIP-0x4c538]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes {JMP QWORD [RIP-0x4bd56]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes {JMP QWORD [RIP-0x4c44e]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes {JMP QWORD [RIP-0x4cf71]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] 
C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\plugin-nm-server.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] 
C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3332] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2412] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000774913ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077491544 8 bytes [60, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000774918ce 8 bytes [50, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077491ba8 8 bytes [40, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077491d25 8 bytes [30, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077491e8f 8 bytes [20, 6E, F8, 7E, 00, 00, 00, ...] 
.text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077491f75 8 bytes [10, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077492238 8 bytes [00, 6E, F8, 7E, 00, 00, 00, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000774926e0 8 bytes [F0, 6D, F8, 7E, 00, 00, 00, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000774dda80 8 bytes {JMP QWORD [RIP-0x4bd61]} .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000774ddc00 8 bytes {JMP QWORD [RIP-0x4bd77]} .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000774ddc30 8 bytes {JMP QWORD [RIP-0x4c6f2]} .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000774ddd50 8 bytes {JMP QWORD [RIP-0x4c1ae]} .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000774dde00 8 bytes {JMP QWORD [RIP-0x4c538]} .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000774de430 8 bytes {JMP QWORD [RIP-0x4bd56]} .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000774de680 8 bytes {JMP QWORD [RIP-0x4c44e]} .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000774deee0 8 bytes {JMP QWORD [RIP-0x4cf71]} .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f013cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f0146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f016d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f019db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f019fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Piotruś\Downloads\f6rdfiiw.exe[5724] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f01a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88002148f58] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [4208] (Razer Configurator/Razer Inc.)(2015-01-07 03:14:46) 00000000612c0000 ---- EOF - GMER 2.1 ----